If i have a local Network 10.103.131.224/28 and 10.103.131.242 should it have a better metric as the VPN SA 10.0.0.0/8 (normaly a smaler Netmask is better then large).
But it looks like the ASG routes a ping form 10.103.131.230 to 10.103.131.242 inside the VPN Tunnel. When i dissable the VPN everything is perfekt.
VPN Dissable:
Wall-e:/home/login # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.103.131.224 * 255.255.255.240 U 0 0 0 eth0.1310
10.103.131.240 * 255.255.255.240 U 0 0 0 eth0.1311
loopback * 255.0.0.0 U 0 0 0 lo
192.168.180.0 * 255.255.255.224 U 0 0 0 eth0.1
192.168.180.32 * 255.255.255.224 U 0 0 0 eth0.32
lo1.br12.asham. * 255.255.255.255 UH 0 0 0 ppp0
VPN enabled
Wall-e:/home/login # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 * 255.0.0.0 U 0 0 0 ppp0
10.103.131.224 * 255.255.255.240 U 0 0 0 eth0.1310
10.103.131.240 * 255.255.255.240 U 0 0 0 eth0.1311
loopback * 255.0.0.0 U 0 0 0 lo
172.30.0.0 * 255.255.0.0 U 0 0 0 ppp0
192.168.0.0 * 255.255.0.0 U 0 0 0 ppp0
192.168.180.0 * 255.255.255.224 U 0 0 0 eth0.1
192.168.180.32 * 255.255.255.224 U 0 0 0 eth0.32
lo1.br12.asham. * 255.255.255.255 UH 0 0 0 ppp0
VPN Configuration:
local Networks:
10.103.131.224/28
10.103.131.240/28
remote Networks:
10.0.0.0/8
192.168.0.0/16
172.30.0.0/16
This is necessary for us, because we have following konfiguration and no dynamic routing protocoll.:
Home Offices -> Branch Office -> HQ -> all other BOs
